Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5fJPK__Dd4uC8R8N04WEVU8iy9U.roa
File:                     5fJPK__Dd4uC8R8N04WEVU8iy9U.roa (raw, json)
Hash identifier:          Qmkh3K7ul3A46uEpsUvjv4q6QEbDrXxxORLblbao0V0=
Subject key identifier:   E5:F2:4F:2B:FF:C3:77:8B:82:F1:1F:0D:D3:85:84:55:4F:22:CB:D5
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       0195B2FEAD8D184383279F6F0DC606A81C5E
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5fJPK__Dd4uC8R8N04WEVU8iy9U.roa
Signing time:             Thu 20 Mar 2025 09:59:49 +0000
ROA not before:           Thu 20 Mar 2025 09:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197016
IP address blocks:        2a07:3501:1070::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:fe:ad:8d:18:43:83:27:9f:6f:0d:c6:06:a8:1c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Mar 20 09:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5f24f2bffc3778b82f11f0dd38584554f22cbd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6e:4d:1b:44:43:52:4a:67:96:e5:bf:c8:67:
                    ac:00:03:1e:91:22:12:cd:8b:49:a7:c6:79:0c:9c:
                    cc:c3:22:ca:56:b9:f7:8e:7f:f4:56:f3:cd:a3:51:
                    24:05:cc:37:48:28:71:a0:fa:fd:e5:90:d0:74:d9:
                    72:3c:37:b2:7c:4e:c8:4f:3b:40:d8:93:c8:da:18:
                    6e:7e:4e:f5:e7:43:ea:9a:6e:38:6a:a2:e5:b7:58:
                    b4:76:66:15:ab:3b:9e:ab:6f:bd:5e:99:7e:7f:7f:
                    e6:5b:8d:32:1e:07:8b:a1:1f:4a:59:66:50:e9:18:
                    5c:13:32:83:1d:96:4d:80:8d:1c:37:20:21:76:fa:
                    88:b5:91:4a:76:ab:11:b9:a1:ab:74:af:86:d4:74:
                    06:03:63:a5:b7:15:e6:1e:ea:f5:07:7d:14:0a:d8:
                    c3:0d:61:be:39:5d:76:58:2d:51:5b:44:95:d7:2a:
                    f3:95:d5:41:79:3b:25:7f:81:1e:68:c6:a2:ff:66:
                    54:80:c6:14:ce:6b:06:7d:e7:ec:77:c0:a3:90:8a:
                    b2:35:e3:01:e0:7f:c2:8c:02:77:6d:90:40:4e:c2:
                    1d:03:65:bb:a0:e5:3b:f2:0b:11:27:2e:1e:06:f5:
                    f0:30:43:ea:fb:2a:27:6f:80:16:05:04:9a:ad:4a:
                    d5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F2:4F:2B:FF:C3:77:8B:82:F1:1F:0D:D3:85:84:55:4F:22:CB:D5
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5fJPK__Dd4uC8R8N04WEVU8iy9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1070::/46

    Signature Algorithm: sha256WithRSAEncryption
         9e:22:0e:c3:04:e7:8d:e0:ac:c0:9a:7d:e6:cf:6f:73:51:80:
         d0:99:bf:b7:34:aa:b1:16:47:97:0b:98:a3:bc:ed:8c:0f:37:
         38:dc:d4:e0:a6:8c:99:e9:77:b6:99:74:71:03:0a:f1:25:31:
         88:26:66:86:ac:a7:86:2d:a0:c1:23:15:0b:ff:6e:69:e6:14:
         7f:b2:93:ad:05:68:04:07:a8:d8:98:dd:32:06:1b:82:4d:ca:
         f7:f9:64:63:72:af:72:9b:3d:17:53:e7:cf:04:d9:c5:40:b2:
         2a:6a:12:dd:25:1d:98:91:fe:b0:ca:15:8b:ac:27:4a:5f:3e:
         ec:24:de:5e:1b:27:60:11:0f:02:85:2c:bf:f4:99:08:4a:11:
         14:25:ec:cc:d6:e6:22:04:a6:b4:e9:81:35:57:16:2a:55:0a:
         a4:5e:65:b5:f7:11:a6:c6:6c:88:2d:07:55:3e:cd:fb:67:95:
         a7:e6:ab:8e:e9:ad:34:e3:97:9b:dc:f8:66:4e:4e:10:a2:4d:
         50:0b:bb:74:56:1a:fd:56:57:f7:b5:49:1b:f5:8c:59:c0:ac:
         af:13:dc:97:c1:fe:9a:b6:5d:93:38:98:54:81:f0:10:8b:7b:
         70:37:b5:2c:25:80:2d:aa:63:96:7b:4a:b2:65:59:32:c1:7d:
         06:e8:f9:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZWy/q2NGEODJ59vDcYGqBxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMzIwMDk1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWYyNGYyYmZmYzM3NzhiODJmMTFmMGRkMzg1ODQ1NTRmMjJjYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW5NG0RDUkpnluW/yGesAAMekSIS
zYtJp8Z5DJzMwyLKVrn3jn/0VvPNo1EkBcw3SChxoPr95ZDQdNlyPDeyfE7ITztA
2JPI2hhufk7150Pqmm44aqLlt1i0dmYVqzueq2+9Xpl+f3/mW40yHgeLoR9KWWZQ
6RhcEzKDHZZNgI0cNyAhdvqItZFKdqsRuaGrdK+G1HQGA2OltxXmHur1B30UCtjD
DWG+OV12WC1RW0SV1yrzldVBeTslf4EeaMai/2ZUgMYUzmsGfefsd8CjkIqyNeMB
4H/CjAJ3bZBATsIdA2W7oOU78gsRJy4eBvXwMEPq+yonb4AWBQSarUrVKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOXyTyv/w3eLgvEfDdOFhFVPIsvVMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvNWZKUEtfX0RkNHVDOFI4TjA0V0VWVThpeTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgc1ARBw
MA0GCSqGSIb3DQEBCwUAA4IBAQCeIg7DBOeN4KzAmn3mz29zUYDQmb+3NKqxFkeX
C5ijvO2MDzc43NTgpoyZ6Xe2mXRxAwrxJTGIJmaGrKeGLaDBIxUL/25p5hR/spOt
BWgEB6jYmN0yBhuCTcr3+WRjcq9ymz0XU+fPBNnFQLIqahLdJR2Ykf6wyhWLrCdK
Xz7sJN5eGydgEQ8ChSy/9JkIShEUJezM1uYiBKa06YE1VxYqVQqkXmW19xGmxmyI
LQdVPs37Z5Wn5quO6a0045eb3PhmTk4Qok1QC7t0Vhr9Vlf3tUkb9YxZwKyvE9yX
wf6atl2TOJhUgfAQi3twN7UsJYAtqmOWe0qyZVkywX0G6PmT
-----END CERTIFICATE-----